Dev0ps's avatar

Is there any way to encrypt a string in Laravel?

I want to store user information like credit card, debit card number, user address and other sensitive information in encrypted form in my database.

Is there any effective function in Laravel that encrypts or decrypts data with integrity and works effectively when the data is big?

I want some encryption methodology that is hard for an outside person to decrypt in case of a server hack.

0 likes
14 replies
cmdobueno's avatar

https://laravel.com/docs/5.7/encryption

You still, even if encrypted, never, ever, never, ever, ever, ever, never... store credit card info on your server.

And in case that was not enough, DO NOT EVER STORE CREDIT CARD DATA ON YOUR SERVER. Upon keeping that data, you are now liable for EVERYTHING that happens to it... and screw that.

But yeah, there is encryption... but don't store that stuff... it will ALWAYS come back to bite you.

rawilk's avatar

You should probably look into PCI Compliance before you consider doing anything further with this.

1 like
Dev0ps's avatar

Actually I am making an option to save credit card details for fast checkout, but I am worried about users' sensitive information.

So brother, what is the safest way to store this kind of data? How are other big companies storing this data in the database?

rawilk's avatar

@devops - They aren't storing this info in their databases. Depending on your payment gateway, you should have some kind of token for the customer that you can store in the database. With that token, you can make a request to the provider to get the user's payment info.

If you want to encrypt the token you can easily do so like this:

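// store: encrypt() returns the encrypted string to save in the database
$encrypted = encrypt($value);

// retrieve: pass the stored encrypted string back to decrypt()
$value = decrypt($encrypted);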
1 like
jlrdw's avatar

Immediately stop and consider another career. Or you were given a reference to look up above; look it up and learn that stuff.

1 like
cmdobueno's avatar

@Dev0ps to be honest, those companies spend literally millions of dollars a year on their security, and it still fails. They have the money to fight the lawsuits. I highly doubt you have a spare 5-10 million to fight a data breach.

I, when I want to make checkout faster, use a service like Stripe, PayPal, Authorize.net, Braintree, and any one of the thousands and thousands of other payment gateways.

Those payment gateways take the burden of protecting the data, and remove direct liability from you.

There is only 1 foolproof, unhackable way to keep data on a server safe. Never put it there. There is NO other way to keep the data safe. Given enough time, ALL data is hackable.

Dev0ps's avatar

@wilk_randall this token sounds interesting and secure. Can you give me a basic idea of how I actually make it?

rawilk's avatar

Well you don't make it yourself. You receive one based on your payment gateway when you create a new customer account. Personally, I prefer Stripe, but to each his own.

1 like
cmdobueno's avatar

It is NOT secure... it is only "more" secure than a basic string. You are making a huge mistake.

I advise you listen to @jlrdw

Dev0ps's avatar

Ok guys, thanks a lot. I will immediately stop storing card details. Actually we are in the development stage and were just thinking about it, and this is the reason I posted this, to get experts' advice. And now I finally realise that this idea is not good and I need to go with PayPal or PayUmoney as we thought earlier.

1 like
Dev0ps's avatar

Yes brothers, I stopped it, but I am still curious to know whether we can build a system that encrypts or decrypts data which is protected by a key and that is stored in the end on the server.

Dev0ps's avatar

@cmdobueno @wilk_randall thank you for actively participating in this post. I really appreciate your valuable feedback and knowledge. Thank you so much.
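
Added example, not part of the thread and not Laravel's own code: the encryption documentation linked above describes values encrypted with OpenSSL AES and signed with a MAC, and this stand-alone PHP sketch shows that same encrypt-then-MAC idea applied to a gateway token held under a server-side key, which is the setup asked about in the last question. The function names, key handling and the token value are assumptions made for illustration.

```php
<?php
// Added illustration (PHP 7.1.2+); not Laravel's implementation. Key and token are constructed.
// Derive separate encryption and MAC keys from the one stored secret.
function subkeys(string $key): array
{
    return [hash_hkdf('sha256', $key, 32, 'enc'), hash_hkdf('sha256', $key, 32, 'mac')];
}

function sealValue(string $plaintext, string $key): string
{
    [$encKey, $macKey] = subkeys($key);
    $iv = random_bytes(16); // fresh IV for every value
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed.');
    }
    // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $mac . $ct);
}

function openValue(string $sealed, string $key): string
{
    [$encKey, $macKey] = subkeys($key);
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) < 64) { // 16 IV + 32 MAC + at least one 16-byte block
        throw new RuntimeException('Malformed payload.');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    // Verify the tag in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('MAC check failed: value was modified or the key is wrong.');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('Decryption failed.');
    }
    return $pt;
}

$key    = random_bytes(32);                      // constructed; in practice loaded from server config
$stored = sealValue('cus_EXAMPLE_TOKEN', $key);  // constructed gateway customer token
echo openValue($stored, $key), PHP_EOL;
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1); // simulate a modified database row
try {
    openValue(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The MAC makes a modified row fail loudly, but anyone who obtains both the database and the key can read every stored value, so this protects a gateway token at rest and does not make card numbers safe to keep.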
